UbuntuUpdates.org

Package "systemd"

Name: systemd

Description:

system and service manager
Latest version: 229-4ubuntu21.27
Release: xenial (16.04)
Level: security
Repository: main
Homepage: http://www.freedesktop.org/wiki/Software/systemd

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "systemd"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "systemd" in Xenial

Repository Area Version
base universe 229-4ubuntu4
base main 229-4ubuntu4
security universe 229-4ubuntu21.27
updates universe 229-4ubuntu21.31
updates main 229-4ubuntu21.31

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 229-4ubuntu21.9 2018-11-19 18:06:56 UTC

  systemd (229-4ubuntu21.9) xenial-security; urgency=medium

  * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
    - debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to
      resolve this completely
    - CVE-2018-6954

 -- Chris Coulson <email address hidden> Thu, 15 Nov 2018 21:02:00 +0000
Source diff to previous version
CVE-2018-6954 systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of

Version: 229-4ubuntu21.8 2018-11-12 15:06:59 UTC

  systemd (229-4ubuntu21.8) xenial-security; urgency=medium

  * SECURITY UPDATE: reexec state injection
    - debian/patches/CVE-2018-15686.patch: when deserializing state always use
      read_line(…, LONG_LINE_MAX, …) rather than fgets()
    - CVE-2018-15686
  * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
    - debian/patches/CVE-2018-6954.patch: don't resolve pathnames when traversing
      recursively through directory trees
    - CVE-2018-6954

 -- Chris Coulson <email address hidden> Thu, 08 Nov 2018 00:01:30 +0000
Source diff to previous version
CVE-2018-15686 A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be
CVE-2018-6954 systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of

Version: 229-4ubuntu21.6 2018-11-05 15:06:58 UTC

  systemd (229-4ubuntu21.6) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in dhcp6 client
    - debian/patches/CVE-2018-15688.patch: make sure we have enough space
      for the DHCP6 option header in src/libsystemd-network/dhcp6-option.c.
    - CVE-2018-15688

 -- Marc Deslauriers <email address hidden> Wed, 31 Oct 2018 11:39:02 -0400
Source diff to previous version
CVE-2018-15688 A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected

Version: 229-4ubuntu21.1 2018-02-05 20:06:28 UTC

  systemd (229-4ubuntu21.1) xenial-security; urgency=medium

  * SECURITY UPDATE: remote DoS in resolved (LP: #1725351)
    - debian/patches/CVE-2017-15908.patch: fix loop on packets with pseudo
      dns types in src/resolve/resolved-dns-packet.c.
    - CVE-2017-15908
  * SECURITY UPDATE: access to automounted volumes can lock up
    (LP: #1709649)
    - debian/patches/CVE-2018-1049.patch: ack automount requests even when
      already mounted in src/core/automount.c.
    - CVE-2018-1049

 -- Marc Deslauriers <email address hidden> Thu, 01 Feb 2018 07:42:30 -0500
Source diff to previous version
1725351 Systemd - Remote DOS of systemd-resolve service
1709649 229 backport for race between explicit mount and handling automount
CVE-2017-15908 In systemd 223 through 235, a remote DNS server can respond with a ...
CVE-2018-1049 automount: access to automounted volumes can lock up

Version: 229-4ubuntu10 2016-09-29 09:06:37 UTC

  systemd (229-4ubuntu10) xenial-security; urgency=medium

  * SECURITY UPDATE: zero-length notify message triggers abort/denial of
    service
    - systemd-dont_assert_on_zero_length_message-lp1628687.patch: change
      assert to simple return + log (LP: #1628687)
    - Thanks to Jorge Niedbalski <email address hidden> for
      the patch.

 -- Steve Beattie <email address hidden> Wed, 28 Sep 2016 14:21:42 -0700
1628687 Assertion failure when PID 1 receives a zero-length message over notify socket


About   -   Send Feedback to @ubuntu_updates